svn commit: trunk/uClibc/libc/stdlib/malloc-simple

vapier at uclibc.org vapier at uclibc.org
Wed Apr 11 22:52:22 UTC 2007


Author: vapier
Date: 2007-04-11 15:52:20 -0700 (Wed, 11 Apr 2007)
New Revision: 18406

Log:
POSIX says you can use realloc() to shrink buffers ... make sure we dont trigger a buffer overflow in that case

Modified:
   trunk/uClibc/libc/stdlib/malloc-simple/alloc.c


Changeset:
Modified: trunk/uClibc/libc/stdlib/malloc-simple/alloc.c
===================================================================
--- trunk/uClibc/libc/stdlib/malloc-simple/alloc.c	2007-04-11 20:43:31 UTC (rev 18405)
+++ trunk/uClibc/libc/stdlib/malloc-simple/alloc.c	2007-04-11 22:52:20 UTC (rev 18406)
@@ -91,7 +91,8 @@
 
 	newptr = malloc(size);
 	if (newptr) {
-		memcpy(newptr, ptr, *((size_t *) (ptr - sizeof(size_t))));
+		size_t old_size = *((size_t *) (ptr - sizeof(size_t)));
+		memcpy(newptr, ptr, (old_size < size ? old_size : size));
 		free(ptr);
 	}
 	return newptr;




More information about the uClibc-cvs mailing list